Khamil1 MetaMask Breach Including Strongblock
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Reddit user Khamil1 reports that their MetaMask wallet was breached. The wallet held Strongblock nodes, which Khamil1 was not able to transfer to another wallet. The amount of the loss is unknown.
About Khamil1
Khamil1 has been a Reddit user since December 8th, 2021[1]. He operates multiple Strongblock nodes[2] and uses the MetaMask wallet[2], but considers himself "fairly new" to the cryptocurrency space[3].
"I'm fairly new to the crypto space. I wasn't aware that you could integrate the MM and Trezor wallets together."
About MetaMask
MetaMask is the leading self-custodial cryptocurrency wallet used to interact with the Ethereum blockchain[4]. It allows users to access their Ethereum wallet through a browser extension or mobile application, which can then be used to interact with smart contracts[5]. There is an API available for developers to enable easy interaction with their services[6]. In 2016, MetaMask was developed by ConsenSys Software, a blockchain software company focusing on Ethereum-based tools and infrastructure[7][8].
A crypto wallet & gateway to blockchain apps. Start exploring blockchain applications in seconds. Trusted by over 30 million users worldwide.
MetaMask equips you with a key vault, secure login, token wallet, and token exchange—everything you need to manage your digital assets.
MetaMask provides the simplest yet most secure way to connect to blockchain-based applications. You are always in control when interacting on the new decentralized web.
MetaMask generates passwords and keys on your device, so only you have access to your accounts and data. You always choose what to share and what to keep private.
The Reality
Setting up a new wallet is one of the few times that a seed phrase is entered legitimately. Scammers capitalize on this by creating fake wallet applications that capture any seed phrase the user enters and forward it to the attacker. A common tactic for tricking users into installing the malicious "wallet" is to place a sponsored advertisement on a search engine for the wallet's name, which directs users to a site that looks identical to the wallet provider's website they intended to visit. Users often don't notice the different URL and proceed to download the malicious application instead of the genuine wallet. The malicious application usually resembles the expected wallet software to avoid suspicion, although some attackers lack the technical experience to reproduce the user interface exactly, or they modify it (for example by prompting for a seed phrase up front) to increase the likelihood that a user restores an existing wallet.
What Happened
"To be honest, I'm actually not 100% sure. I went to metamask.io to download the Chrome extension, which I was told is the right site. It asked me for the seed phrase. Some are saying I was supposed to be asked for it, some are saying I wasn't. Anyway, the site appeared to be legit so I entered the phrase. I thought that since I'd never used Metamask on my computer that it was trying to authenticate the account. The next day the hacker drained my account."
| Date | Event | Description |
|---|---|---|
| December 8th, 2021 9:41:15 AM MST | Reddit Post | An initial Reddit post is made by Khamil1[2]. |
| December 8th, 2021 10:52:14 PM MST | Clarification On Events | Khamil1 posted further details about the events which led up to his loss[3]. |
Technical Details
While Khamil1 is "not 100% sure" what happened, they likely entered "metamask.io" into a search engine and clicked on a sponsored search result titled "metamask.io" that pointed to a different URL. They then downloaded an application which looked like the MetaMask wallet. Once they entered their seed phrase, the application sent it to its operator, who proceeded to sweep all of their funds.
Total Amount Lost
The total amount lost is unknown.
Immediate Reactions
Khamil1 posted about their situation on Reddit, hoping that they might be able to recover their Strongblock node or rewards.
Discussions On Reddit
Khamil1 posted about their situation on Reddit[2].
So the unthinkable has happened. I purchased multiple Strongblock nodes and my Metamask Wallet was hacked. I know that Strongblock will NOT allow the nodes to be switched to another wallet, so what should I do at this point?? Needless to say I will be discarding that wallet, but first is there ANY way I can route the node rewards to me? Should I try and claim the rewards and when they hit the MM wallet, switch them to another wallet real quick in hopes that the hacker won't notice. I mean, at this point the most that could happen is it doesn't go through, which will be the same position I'm in if I don't try at all. I really hate that StrongBlock, with all their technological savvy, doesn't have that you can move nodes between wallets. And I still cannot figure out how I ended up on a fake site. I see everywhere that the url for the MM chrome extension is 'metamask.io' and that's exactly what I put in. I'm so disgusted with this whole thing.
"My plan was to claim by rewards at the end of every month. Would you suggest I chance it and try to claim the rewards (if they're still there) at some point and quickly move the rewards to a secure wallet?"
"The reason strongblock doesn't allow wallet node transfers is because if you are hacked, the hacker could steal your nodes as well."
"Also you called them strongnode in the second paragraph, which is a different scam site modeled to look like strongblock, that may be what happened to you"
"There is no "chance" of migrating a compromised wallet's nodes to the right place, because if your wallet is compromised via seed phrase, the scammer would immediately take the nodes just like they take the earnings. Why wouldn't they?"
Ultimate Outcome
"I'm deeply sorry this happened to you, it's many of our worst nightmare. The best practice is NEVER relinquish your seed phrase to anyone for ANY reason, and to ALWAYS manually type in URLs. Best of luck moving forward"
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
"David has said they're working on a validation process for node transfers, but given the anonymous and decentralized nature of crypto, this is VERY tricky. and the team has a lot to work on."
Individual Prevention Policies
This loss came about because the private keys were provided to a scammer when setting up a new MetaMask wallet. The best practice is to always ensure that wallets are downloaded from the official source, to verify the integrity by checking the hash, and to never entrust a new wallet with all of your funds.
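The two checks recommended above and in The Reality section, confirming the download URL really is the official domain and comparing the downloaded file's hash against the published one, as an added example that is not part of the original page or of MetaMask's own tooling. The allowlist contains only metamask.io because that is the only official host the page names; the published hash is a placeholder you would copy from the vendor's site.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed allowlist for this example: the page names metamask.io as the
# legitimate download site, so it is the only entry.
OFFICIAL_HOSTS = {"metamask.io"}


def is_official_download_url(url: str, official_hosts=OFFICIAL_HOSTS) -> bool:
    """True only for an https URL whose host is an allowlisted domain or a
    subdomain of one. Lookalikes such as 'metamask.io.example.com',
    'metamask-io.com', 'metamask.io@evil.example' and homoglyph hosts fail."""
    parts = urlsplit(url)
    host = parts.hostname  # lowercased by urlsplit; None if no host
    if parts.scheme != "https" or not host:
        return False
    if not host.isascii():  # non-ASCII labels: treat as a lookalike
        return False
    return any(host == o or host.endswith("." + o) for o in official_hosts)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the downloaded bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, published_sha256: str) -> bool:
    """Compare the downloaded file's hash with the one published on the
    official site (case-insensitive, whitespace ignored)."""
    return sha256_hex(data) == published_sha256.strip().lower()


if __name__ == "__main__":
    # Placeholder published hash and constructed file bytes, not real values.
    PUBLISHED_SHA256 = "<copy the SHA-256 shown on the official download page>"
    downloaded = b"<bytes of the extension package you downloaded>"
    for url in ("https://metamask.io/download/",
                "https://metamask.io.example.com/download",
                "https://metamask.io@evil.example/"):
        print(url, "official" if is_official_download_url(url) else "LOOKALIKE")
    print("hash matches:", verify_download(downloaded, PUBLISHED_SHA256))
```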
Private keys can be obtained through seed phrases, mnemonics, private key files, mobile synchronization screens, wallet export features, wallet backups, etc. Never send these to anyone unless you intend to let that person take all of your money. Attackers use a wide variety of tactics to convince you, such as pretending to be your wallet software, pretending to work for the wallet provider, or asking you to share your screen. Don't fall for them.
Store the majority of funds offline. Offline means that the private key and/or seed phrase is held exclusively by you and is not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Increased education on safe storage of cryptocurrency can help prevent situations like this. In particular, users need to know how to validate wallet software and to use an isolated secure environment for all private keys. While relief is discretionary, an industry insurance fund could assist affected users.
Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
Increased education on safe storage of cryptocurrency can help prevent situations like this. In particular, users need to know how to validate wallet software and to use an isolated secure environment for all private keys. While relief is discretionary, an industry insurance fund could assist affected users.
Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
1. KHamil1 User Profile - Reddit (Apr 6, 2023)
2. Khamil1 - "Metamask Linked to Strongblock nodes HACKED" - r/strongblock, Reddit (Sep 17, 2022)
3. Khamil1 - "The website stipulates that you use MM wallet to purchase the nodes and that's what I did. I'm fairly new to the crypto space." - Reddit (Apr 3, 2023)
4. MetaMask Homepage (Apr 6, 2023)
5. Crypto wallet MetaMask finally launches on iOS and Android, and it supports Apple Pay - Mashable (Apr 6, 2023)
6. MetaMask Developer Documentation (Apr 6, 2023)
7. New Internet: Blockchain Technology Could Help Us Take Back Our Data from Facebook, Google and Amazon - Newsweek (Apr 6, 2023)
8. MetaMask - Wikipedia (Apr 6, 2023)